In the Abstract:

Kindly delete the original abstract and substitute the abstract provided as Appendix B.

In the Claims:

Please amend original claims 1-7, 12-16, 18, 22, and 31-34 as shown in Appendix C, 
and add new Claims 35-80 as shown in Appendix D. 

REMARKS 

Citation of Art

A Supplemental Information Disclosure Statement accompanies this Response, 
including more complete copies of previously cited references in accordance with paragraph 
2 of the Examiner's Action. 
Drawings 

The above amendments to the specification and proposed amendments to drawing FIG. 
2 appear to obviate the objections mentioned in paragraph 3 of the Office Action. Formal 
drawings will be submitted in due course on allowance, complying with the requirement of 
the Draftsman's form PTO-948. 
Abstract 

A new abstract is provided, complying with 37 C.F.R. 1.72 and MPEP 608.01(b). 
Claims: 

Claims 1-80 remain in the case. 
Claims 1-34 are original.

Claims 35-80 are copied from U.S. Patent No. 5,815,665 (Teper et al.), granted 29
September less than one (1) year before this submission, in accordance with 35 U.S.C.
135(b).

Applicants believe themselves to be the first inventors of the subject matter thereof
and, in accordance with 37 C.F.R. 1.607, request that an interference be declared for the 
purpose of determining priority. 

The claims read on and are supported by applicants' disclosure as set out in 
APPENDIX E. 

Applicants propose their own claim(s) 1 and 18 as count(s) for such an interference. 
Applicants suggest tentatively that Patent Claim 1 corresponds to the count corresponding to 
Applicants' Claim 1. 

Rejection of Claims: 35 U.S.C. 112

Claims 1-7, 12-16, 18, 22, and 31-34 have been amended to take into account the 
Examiner's rejections in paragraphs 5-7 of the Office Action. 

Rejection of Claims: 35 U.S.C. 103

Original Claims 1-34 have been rejected as obvious over various combinations of U.S.
Patent 5,815,665 (Teper et al.) as the main reference. Since applicants have requested
Declaration of Interference with Teper et al., the rejections appear to be subject to withdrawal
for this time.

Extension of Time:

A Petition and fee for an extension of time accompanies this request. If additional
extensions are found to be required, this is a Petition therefor. Please charge the required fees
to Deposit Account No. 02-2838.

Extra claim fees and additional fees:

The required fees for additional claims are being paid herewith. Please charge Deposit
Account No. 02-2838 for any additional such claim fees (and credit any overpayment) which 
may be required by the filing of this paper. 

Based on the above amendments and remarks, it is believed that this case is now in 
condition for action on the merits, an indication of allowability, and a declaration of 
interference. In the event that the Examiner wishes to discuss this matter further, she is 
invited to contact the undersigned at his Worcester, Massachusetts office at (508) 753-5533 
for a telephone interview. 



CUSTOMER NUMBER 20433 

BLODGETT & BLODGETT, P.C. 
43 Highland Street 

Worcester, Massachusetts 01609-2797 
(508) 753-5533 



Respectfully submitted, 
BLODGETT & BLODGETT, P.C. 



Gerry A. Blodgett 
Attorney for Applicant 
Registration No. 26,090 

1. (Amended) A system for managing client accounts and controlling access to resources
over data networks, said system comprising: 

(a) a mechanism for sharing client information and charges among a plurality of 
service providers, 

(b) a client who is registered with one of the service providers (the "home provider")
and is allowed to access the resources of the other service providers ("outside
providers") that are part of the system,

(c) a settling means adapted to allow the system to settle accounts among service
providers by charging the home provider for access by its clients to the resources of
the outside providers,

(d) a payment means adapted to assure that the outside providers are then paid for
that access through the system,

(e) a sharing means adapted to allow the system to allow the providers to share users
without requiring an open account for each user at each provider, and

(f) a verification means including a token and an authentication server adapted to
allow each provider to determine if a particular client is a member of the system, 
verify that the client has authenticated at his home provider, and determine this 
client's access privileges and criteria. 

2. (Amended) A system as recited in claim 1 including means by which [the] an owner 
of goods may sell access to those goods across a data network such that the owner may 
instantaneously and simultaneously display across the network multiple differing prices of the 
same good or classes of goods depending upon the alternative pricing requirements of other 
clients of the system as transferred by the system. 

3. (Amended) A system as recited in claim 1, including means by which one member 
of the system may instantaneously configure the form and substance of services or goods 
across a data network provided to different or unique clients in response to data about the 
client provided by the system along with the client's request for service. 

4. (Amended) A system as recited in claim 1, including means by which one member
of the system may instantaneously determine whether or what type or form of service or 
goods across a data network to provide to different or unique clients of the system based upon 
data about the client provided along with the client's request for service. 

5. (Amended) A system as recited in Claim 1, including means by which multiple 
members of the system may aggregate, transfer and share data about the clients of the system, 
in a standardized form which identifies each client by a unique alpha-numeric sequence, but 
where the personal identifying attributes of the client [(such as name, address or credit and 
billing information)] need be known only to the one system member responsible for enrolling 
the client. 

6. (Amended) A system as recited in Claim 1, [in] including means by which a client of 
the system may request access to, review of, or purchase of resources or goods across a data 
network of members of the system on the basis of specific attributes of the client which the 
client elects to provide at the moment when service is requested, where such attributes are 
technically capable of being an integral and automatic part of the request form. 

7. (Amended) A system as recited in Claim 1, [in] including means by which a provider 
of service under the system provides a client's preference, pricing and service-class 
information to a common service point in exchange for an authenticatable token, which the 
service provider then provides to its client, so that the client may in turn offer the token to 
multiple other service providers whose services or goods across a data network the client 
wishes to access, review or purchase. 




12. (Amended) A system as recited in Claim 11, including means by which discrete 
records are instantaneously sorted and stored in databases according to the identity of the 
service provider of the individual client whose activity resulted in the record being produced. 



13. (Amended) A system as recited in Claim 1, including means for collecting and 
aggregating records of financial charges for access to, review or acquisition of services or 
goods across a data network such that the records may be supplied to the suppliers of client
servers without knowledge of or reference to the ultimate form of payment by the client. 

14. (Amended) A system as recited in Claim 1, in which [the] said token is only "read" 
by [the] said authentication server, thus permitting the token to be private-key encrypted. 

15. (Amended) A system as recited in Claim 1, wherein which said client comprises an 
end user and has an end user's account and an end user's account manager, for enabling an
initiating Internet World Wide Web host to present in HyperText Markup Language (HTML) 
"hypertext links" which address services or goods available from multiple other receiving 
World Wide Web sites such that when the end user highlights or clicks the link a process is 
initiated whereby the receiving site is able to bill the end user's account manager for access 
to, review or acquisition of the services or goods, without regard to whether the end user's 
account is maintained by the initiating WWW host or by some other service provider. 

16. (Amended) A system as recited in Claim 1, which includes a sequence means adapted 
for obtaining, transferring and maintaining among multiple network clients a unique
alpha-numeric sequence associated with a specific digital information resource or object for [the]
a purpose [of recording usage, for billing, payment, copyright protection, ownership control,
demographic analysis or any other purpose]; where the topological location of the resource
on the network may not necessarily be related or relevant to the location where, or time
when, the resource was originally created.



Inventor Name: Oliver et al.
Serial No. 09/036,236

18. (Amended) A method for managing client accounts and controlling access to resources
over data networks, said method comprising:

(a) a method for sharing client information and charges among a plurality of service
providers,

(b) a step which creates a client who is registered with one of the service providers
(the "home provider") and is allowed to access the resources of the other service
providers ("outside providers") that are part of the method,

(c) a settling step adapted to allow the method to settle accounts among service 
providers by charging the home provider for access by its clients to the resources of 
the outside providers, 

(d) a payment step adapted to assure that the outside providers are then paid for that 
access through the method, 

(e) a sharing step adapted to allow the method to allow the providers to share users 
without requiring an open account for each user at each provider, and 

(f) a verification step including use of a token and an authentication server adapted to 
allow each provider to determine if a particular client is a member of the method, 
verify that the client has authenticated at his home provider, and determine this 
client's access privileges and criteria. 



22. (Amended) A method as recited in Claim 18, by which multiple members of the
method may aggregate, transfer and share data about the clients of the method, in a
standardized form which identifies each client by a unique alpha-numeric sequence, but where
the personal identifying attributes of the client [(such as name, address or credit and billing
information)] need be known only to the one method member responsible for enrolling the
client.



31. (Amended) A system as recited in Claim 18, in which [the] said token is only "read" 
by [the] said authentication server, thus permitting the token to be private-key encrypted. 

32. (Amended) A method as recited in claim 18, wherein which said client comprises an 
end user and has an end user's account and an end user's account manager, for enabling an
initiating Internet World Wide Web host to present in HyperText Markup Language (HTML) 
"hypertext links" which address services or goods available from multiple other receiving 
World Wide Web sites such that when the end user highlights or clicks the link a process is
initiated whereby the receiving site is able to bill the end user's account manager for access 
to, review or acquisition of the services or goods, without regard to whether the end user's 
account is maintained by the initiating WWW host or by some other service provider. 

33. (Amended) A method as recited in claim 18, including the step of obtaining, 
transferring and maintaining among multiple network clients a unique alpha-numeric sequence 
associated with a specific digital information resource or object for [the] a purpose [of 
recording usage, for billing, payment, copyright protection, ownership control, demographic 
analysis or any other purpose]; where the topological location of the resource on the network 
may not necessarily be related or relevant to the location where, or time when, the resource 
was originally created. 

34. (Amended) A method as recited in Claim 18 which includes sequence steps adapted 
for obtaining, transferring and maintaining among multiple network clients and their server 
a dynamically updated record of funds encumbered by a network user for the purchase of a 
digital information resource or resources such that each subsequent
record of purchase in time, and the transfer to clients of an updated record of funds available
or authorized to be encumbered, is accomplished. 

A method of providing an online service to a user over a public network, the
online service provided by a Service Provider (SP) site to a user computer via 
the public network, the method comprising the steps of: 

sending a request message from the user computer to the SP site over the 
public network to request the use of the online service; 

generating a challenge message at the SP site in response to the request 
message and sending the challenge message over the public network to the user 
computer; 

generating a response message in the user computer in response to the 
challenge message and sending the response message over the public network 
to the SP site, 

the response message including or being based upon an identifier of the user; 

sending at least the response message from the SP site to a remote online 
broker site, the online broker site having a brokering database which contains 
account information of registered users of an online brokering service of the 
online broker site; 

processing the response message at the remote online broker site to determine 
whether the response message is authentic, the step of processing comprising 
accessing the account information in the brokering database; 

sending a verification message from the remote online broker site to the SP 
site, the verification message indicating whether the response message is 
authentic; 

retrieving access rights data of the user from the brokering database if the
response message is authentic, the access rights data specifies a plurality of 
content categories to which the user has access, the plurality of content 
categories corresponding to a plurality of different online services offered by 
the SP site; 

sending the access rights data from the online broker site to the SP site; 

providing the online service from the SP site to the user computer over the 
public network if the verification message indicates that the response message 
is authentic; and 

denying access by the user to the online service if the verification message 
indicates that the response message is not authentic. 

36. A method as in claim 35, wherein the step of generating a response message 
comprises obtaining a password of the user. 

37. A method as in claim 36, wherein the step of generating the response message 
further comprises applying a cryptographic algorithm to at least the challenge 
message such that the resulting response message depends upon both the 
challenge message and the password. 

38. A method as in claim 36, wherein the step of obtaining the password of the 
user comprises retrieving the password from a password cache on the user 
computer, the password cache temporarily storing the password following 
manual entry by the user, the method thereby enabling the user to access 
multiple SP sites without re-entering the password. 

39. A method as in claim 35, further comprising the steps of: 

assigning an anonymous identifier to the user at the online broker site and
sending the anonymous identifier to the SP site to enable the SP site to 
anonymously charge the user for an online service; and 

generating a billing event at the SP site and sending the billing event to the 
online broker site, the billing event specifying at least (1) the anonymous 
identifier of the user, and (2) a monetary charge to be applied to an account 
of the user. 

40. A method as in claim 35, further comprising the steps of: 

establishing a connection between the user computer and the online broker site; 
and 

providing an online billing statement to the user over the connection, the 
online billing statement reflecting the monetary charge specified in the billing 
event. 

41. A method as in claim 35, further comprising the step of sending a billing 
statement from the online broker site to the user computer over the public 
network, the billing statement reflecting the monetary charge specified in the 
billing event. 

42. A method as in claim 35, further comprising the steps of: 

sending an access rights update request from the SP site to the remote online 
broker site, the access rights update request specifying an update to be made 
by the online brokering service to the access rights of the user; and 

processing the access rights update request at the online broker site by 
updating the access rights data of the user stored within the brokering 
database.

43. A method as in claim 35, further comprising the steps of: 

retrieving user-specific preference data of the user from the brokering database 
and sending the preference data from the online broker site to the SP site, the 
preference data indicating at least one user-specified preference for the 
customization of online services; and 

adjusting the online service provided from the SP site according to the 
user-specified preference. 

44. A method as in claim 43, wherein the preference data includes a connection 
speed at which the user computer connects to the public network, and wherein 
the step of adjusting comprises providing the service to the user computer at 
a speed which is commensurate with the connection speed. 

45. A method as in claim 43, wherein the preference data includes a display 
preference for the display of a particular type of media. 

46. A method as in claim 35, further comprising the steps of: 
generating a first session key at the user computer; 

generating a second session key at the online broker site and sending the 
second session key to the SP site, the second session key corresponding to the 
first session key; and 

using the first and second session keys to encrypt and decrypt message traffic 
between the user computer and the SP site as the online service is provided to 
the user computer.

47. A method as in claim 35, wherein the public network comprises the Internet. 

48. A method as in claim 35, wherein the steps of passing the request, challenge 
and response messages over the public network respectively comprise passing 
the request, challenge and response messages over a private network. 

49. A method providing a fee-based online service from a Service Provider (SP) 
site to a user over a public network while concealing the payment and personal 
information of the user from the Service Provider, comprising the steps of: 

providing an online broker site that provides an online brokering service, the 
online broker site having a brokering database which contains account 
information on the user and on other users of the online brokering service, the 
online broker site located remotely from the SP site; establishing a connection 
between a computer of the user ("user computer") and the SP site over at least 
the public network; 

generating an encrypted authentication message at the user computer and 
sending the authentication message to the online broker site via at least the 
public network; 

verifying the authentication message at the online broker site to thereby 
authenticate the user, the step of verifying comprising accessing the account 
information of the user stored in brokering database; 

generating an anonymous ID at the online broker site and sending the 
anonymous ID to the SP site to allow the SP site to charge the user for the 
online service; 

providing the online service from the SP site to the user computer over the 
public network;

retrieving user-specific customization data of the user from the brokering 
database and sending the customization data from the online broker site to the 
SP site, the customization data indicating a user-specified preference for the 
customization of the online service; 

adjusting the online service provided from the SP site according to the 
user-specified preference; and 

generating a billing event at the SP site and sending the billing event to the 
online broker site, the billing event specifying at least (1) the anonymous ID, 
and (2) a monetary charge to be applied to an account of the user. 

50. A method as in claim 49, wherein the step of generating an encrypted 
authentication message comprises the steps of prompting the user for a 
password and using the password to generate the authentication message, the 
password stored in the brokering database so that the online brokering service 
can determine whether the authentication message corresponds to the 
password. 

51. A method as in claim 49, wherein the step of sending the encrypted 
authentication message to the online broker site comprises the steps of: 

sending the authentication message from the user computer to the SP site over 
the public network; and 

sending the authentication message from the SP site to the online broker site. 

52. A method as in claim 49, further comprising the step of processing the billing 
event at the online broker site to thereby apply the charge to the account of the 
user.

53. A method as in claim 52, further comprising the step of providing an account 
statement from the online broker site to the user computer over at least the
public network, the account statement reflecting the charge specified in the 
billing event. 

54. A method as in claim 49, further comprising the steps of: 

retrieving access rights data of the user from the brokering database, the access 
rights data specifying the access rights of the user with respect to the online 
service and/or the SP site; and 

sending the access rights data from the online broker site to the SP site. 

55. A method as in claim 54, further comprising the step of interpreting the access 
rights data at the SP site to determine whether the user is authorized to access 
a particular content item of the SP site. 

56. A method as in claim 54, further comprising the step of sending an access 
rights update request from the SP site to the online broker site, the access 
rights update request specifying at least (1) the anonymous ID of the user, and 
(2) an update to be made by the online brokering service to the access rights 
data of the user. 

57. A method as in claim 49, wherein the customization data includes a connection 
speed at which the user computer connects to the public network, and wherein 
the step of adjusting comprises providing the service to the user computer at 
a speed which generally corresponds to the connection speed. 

58. A method as in claim 49, wherein the customization data includes a display 
preference for the display of a particular type of media.

59. A method as in claim 49, further comprising the steps of: 
generating a first session key at the user computer; 

generating a second session key at the online broker site and sending the 
second session key to the SP site, the second session key corresponding to the 
first session key; and 

using the first and second session keys to encrypt and decrypt message traffic 
between the user computer and the SP site as the online service is provided to 
the user computer. 

60. A method as in claim 49, wherein the public network comprises the Internet. 

61. A method as in claim 49, wherein the online service comprises a software 
download service. 

62. A method as in claim 49, wherein the online service comprises user access to 
an online version of a printed publication. 

63. A system for allowing users to securely access online service providers over 
an untrusted distributed network, comprising: 

a plurality of Service Provider (SP) sites connected to the distributed network, 
each SP site running at least one service application to provide an online 
service to users over the distributed network; 

a plurality of user computers connected to the distributed network, each user 
computer running at least one client application for accessing online services 
of the SP sites;

an online broker site connected to the plurality of SP sites, the online broker 
site running at least one brokering application to provide an online brokering 
service, the online broker site including a user database containing 
user-specific authentication information of users that have registered to use the 
online brokering service, the registered users accessing the SP sites from the 
user computers over the distributed network;

a database which stores user-specific customization data, the customization 
data specifying preferences of the registered users with respect to the online 
services of the SP sites, the customization data provided to the SP sites by the 
online brokering service to enable the SP sites to customize the online services 
to the preferences of individual registered users; and 

an authentication protocol for allowing the online brokering service to 
authenticate registered users in response to user-specific authentication requests 
from the SP sites, the authentication requests responsive to requests from the 
user computers to access the online services of the SP sites, the authentication 
protocol implemented by software components of the user computers, the SP 
sites, and the online broker site. 

64. A system as in claim 63, further comprising a billing system for allowing the 
SP sites to charge the registered users for accesses to the online services by 
sending billing events to the online brokering service, the billing system 
including a centralized database for recording billing events to accounts of the 
registered users. 

65. A system as in claim 64, wherein the billing system includes a billing viewer 
application running on the user computers, the billing viewer application 
allowing a registered user to view a personal billing statement stored in the 
centralized database, the billing statement including charges from multiple
different SP sites of the plurality of SP sites. 

66. A system as in claim 63, further comprising an access rights database at the 
online broker site, the access rights database storing access rights data for a 
plurality of the registered users, the access rights data specifying access rights 
of the plurality of registered users with respect to the SP sites, the access 
rights data provided to the SP sites by the online brokering service. 

67. A system as in claim 63, wherein the authentication protocol implements a 
challenge-response protocol. 

68. A system as in claim 63, wherein the distributed network comprises the 
Internet. 

69. A method providing a fee-based online service from a Service Provider (SP) 
site to a user over a distributed network while concealing the payment and 
personal information of the user from the Service Provider, comprising the 
steps of: 

providing an online broker site that provides an online brokering service, the 
online broker site having a brokering database which contains account 
information on the user and on other users of the online brokering service, the 
online broker site located remotely from the SP site; 

sending an access request from a computer of the user ("user computer") over 
the distributed network to the SP site; 

sending an authentication request from the SP site to the online broker site in 
response to the access request; 

prompting the user for a user identifier at the user computer and sending the
user identifier to the online broker site; 

authenticating the user at the online broker in response to the authentication 
request, the step of authenticating comprising using the user identifier sent 
from the user computer to access the account information stored within the 
brokering database; 

sending a verification message from the online broker site to the SP site in 
response to the authentication request, the verification message indicating 
whether the step of authenticating was successful; 

retrieving access rights data of the user from the brokering database if the step 
of authenticating is successful, the access rights data specifying a plurality of 
access rights of the user with respect to the online service and/or the SP site; 

sending the plurality of access rights data from the online broker site to the SP 
site to anonymously inform the SP site of the access rights of the user; 

providing the fee-based online service from the SP site to the user computer 
over the distributed network only if the verification message indicates that the 
step of authenticating was successful; 

generating a billing event at the SP site and sending the billing event to the
online broker site, the billing event anonymously identifying the user to the 
online brokering service, the billing event including a charge for the providing 
of the online service to the user computer; and 

updating an account of the user at the online broker site to reflect the charge 
included within the billing event. 

70. A method as in claim 69, further comprising the step of providing an account
statement from the online broker site to the user computer over at least the
distributed network, the account statement reflecting the charge included in the 
billing event. 

71. An online brokering service for allowing users of a public network to 
anonymously purchase online services from Service Provider (SP) sites on the 
public network, the online brokering service provided from an online broker 
site that is located remotely from the SP sites, the online brokering service 
comprising: 

a database which contains account information of users that have registered 
with online brokering service, the account information including at least a 
unique identifier of each registered user; 

a billing system for recording monetary charges to accounts of registered 
users, the monetary charges corresponding to online services purchased from 
the SP sites over the public network; and 

a software package running at the online broker site, the software package 
performing at least the following functions: 

(a) authenticating registered users in response to authentication requests 
received from the SP sites, the authentication requests generated in 
response to attempts by registered users to access online services of the 
SP sites, said authenticating comprising accessing the database to verify 
user account information; 

(b) receiving user-specific billing events from the SP sites and passing the 
billing events to the billing system to update the accounts of registered 
users, each billing event specifying at least (1) an anonymous ID of a 
registered user, and (2) a charge to be applied to the account of the 
registered user; and 

(c) retrieving user-specific access rights data from the database in response 
to requests from the SP sites and transmitting the access rights data to 
the SP sites, the access rights data specifying a plurality of content 
categories or services to which a registered user has access and 
enabling the SP sites to provide customized access rights to the 
registered users. 

72. An online brokering service as in claim 71, wherein the software package 
further performs the function of: 

retrieving user-specific customization data from the database in response to 
requests from the SP sites and transmitting the customization data to the SP 
sites, the customization data indicating user specified preferences for enabling 
the SP sites to provide user customized online services. 

73. An online brokering service as in claim 71, wherein the billing system 
comprises a software module for allowing the registered user to remotely 
access an online billing statement, the online billing statement reflecting billing 
events received by the online broker site from multiple different SP sites. 

74. An online brokering service as in claim 71, wherein the public network 
comprises the Internet. 

75. A virtual online services network for allowing users to directly access service 
provider (SP) sites over a public network, comprising: 

an online brokering service running on at least one site of a computer network, 
the online brokering service storing account and billing information for a 
plurality of users of the public network, each of the users having a respective 
account with the online brokering service, the online brokering service 
providing online access by the users to account-specific billing information; 

a plurality of fee-based online services running on a plurality of independent 
service provider (SP) sites on the public network, the SP sites directly 
accessible to the users over the public network, each SP site being registered 
with the online brokering service and being configured to use the online 
brokering service to authenticate the users when the users connect to the SP 
sites over the public network, the fee-based services configured to generate 
account-specific billing events in response to uses of the online services by the 
users and to forward the billing events to the online brokering service so that 
the users are billed for the online services from a centralized billing location; 
and 

a log-on protocol which allows the users to access the plurality of online 
services using their respective accounts with the online brokering service, the 
log-on protocol configured to (1) prompt a user for an account identifier, (2) 
cache the account identifier during the course of a user log-on session, and (3) 
use the cached account identifier to access multiple different SP sites, the 
log-on protocol thereby allowing the user to seamlessly access the plurality of 
fee-based online services following a single log-on event; 

wherein the online brokering service stores user-specific access rights data, and 
provides the access rights data specifying access rights for a plurality of online 
services for a specific user to the SP sites in response to requests from the SP 
sites, and wherein the fee-based online services are configured to use the 
access rights data to automatically provide user-customized services to the 
users. 

76. A virtual online services network as in claim 75, wherein the log-on protocol 
is implemented by respective software components stored on (1) the SP sites, 
(2) the at least one site of the online brokering service, and (3) computers of 
the users. 

77. A virtual online services network as in claim 75, wherein the log-on protocol 
includes a challenge-response authentication protocol for allowing the SP sites 
to authenticate the users. 

78. A virtual online services network as in claim 75, wherein the public network 
comprises the Internet. 

79. An apparatus comprising: 

A broker server operatively connected to a computer network, the broker 
server having a processor and a computer readable memory, the memory 
storing broker server implementation software, including customer access 
software, site linking software to link customers to selected sites on the 
computer network and at least one data structure; 

the at least one data structure including a list of registered customers along 
with corresponding ID and payment information, and including a list of online 
sites with their corresponding linking information, the list of online sites being 
a subset of the sites available to users of the computer network, the at least 
one data structure further including access rights to a plurality of online 
services provided by at least one online site within the list of online sites; 

whereby the broker server facilitates seamless connection between a selected 
customer from its list of customers and a selected online site from the listed 
online sites to create a virtual online service, including providing the selected 
customer's access rights to the plurality of online services provided by the 
selected online site. 

80. An apparatus as in claim 79, wherein the computer network is a public 
network which comprises the Internet, and wherein the online sites are World 
Wide Web sites of the Internet. 



